Privacy Policy
Jul 4, 2025
Qurios AI Privacy Policy
Last updated 4 July 2025
Interpretation and Definitions
Interpretation
Words with an initial capital letter have meanings set out below. The same meanings apply whether the terms appear in singular or plural.
Definitions
Account – a unique profile that lets You access the Services.
Affiliate – any entity that controls, is controlled by or under common control with Qurios; “control” means ownership of > 50 % of voting securities.
Company / Qurios / We / Us – Qurios Labs Pte. Ltd., 3 Phillip Street, #10-04, Royal Group Building, Singapore 048693.
Cookies – text files placed on a Device to store session or preference data.
Country – Singapore.
Device – any hardware that can access the Services, such as a laptop, mobile phone or tablet.
Large Language Model (LLM) – a machine-learning model capable of generating or classifying natural-language text, sourced from third-party providers or run by Qurios.
Memory – a structured snippet (text, file reference or metadata) stored by Qurios for retrieval and reuse. Includes Thread Memories (private by default), Room Memories (shared within a Room) and Public Memories (bootstrapped by Qurios from public sources, or published by users to the Marketplace).
Marketplace – the in-app catalogue where Public Memories can be licensed on a subscription or pay-per-use basis.
Personal Data – any information relating to an identified or identifiable natural person, as defined under the Singapore PDPA and, where applicable, the EU/UK GDPR.
Processing – any operation performed on Personal Data, whether automated or not, such as collection, storage, use, disclosure or deletion.
Room – a collaborative workspace whose members can view each other’s Threads and shared Memories.
Services – the qurios.ai website, web app, desktop and mobile apps, browser extensions, Telegram bot, APIs, documentation and any beta features we operate.
Service Provider – any party that Processes data on behalf of Qurios (e.g., hosting, analytics, payment).
Thread – an LLM conversation created by a user in a Room or personal workspace.
User Content – any data that You or other users upload, generate or publish through the Services, including Threads, Memories and files.
You / Your – the individual or legal entity accessing or using the Services.
Scope
This policy applies to all visitors and registered users. Separate data-processing addenda may apply to enterprise customers who sign a Master Services Agreement.
Information we collect
Category | Examples | Source |
Account & profile | Email address, hashed refresh token, name auto-parsed from email | You |
Workspace content | LLM threads, chat messages, files, comments, “memories” you publish | You / room members |
Usage & device | IP address, browser type, interaction logs, crash reports | Your device |
Payment & commerce | Last four digits of card, Stripe or Coinbase-Commerce transaction IDs, subscription tier | Payment processor |
Marketplace telemetry | Memory-tap counts, credit debits, royalty accrual | In-product events |
Cookies & similar tech | Session cookie, CSRF token, optional analytics cookie | Your browser |
We do not knowingly collect information from children under 13.
How we use your information
Provide the core service (authenticate you, render rooms, route prompts).
Collaboration & sharing —show your threads to other room members and, if you toggle “publish”, expose selected memories to the whole room, or to the public marketplace if you opt-in.
Inference & retrieval —send your prompt plus the relevant context snippets to our LLM and infrastructure providers (currently Perplexity Sonar, OpenAI, Google Gemini and Google Cloud, Mem0).
Product R&D —aggregate, anonymise and sample usage data to debug latency, tune ranking heuristics and guard against abuse.
Billing & fraud prevention.
Legal compliance (tax, sanctions, law-enforcement requests).
When we share your information
Recipient | Why |
---|---|
Hosting & infra (Google Cloud, Firestore, AWS S3) | Encrypted storage and compute |
LLM APIs (Perplexity, OpenAI, Google, Messari) | On-demand inference; no training right is granted without opt-in |
Payment processors (Stripe, Coinbase Commerce) | Subscription, usage credits, creator payouts |
Other users | ↳ Inside a room: everyone sees each other’s threads. ↳ Public marketplace: only memories you explicitly publish. |
Legal authorities | Only when required by law or to protect rights, property or safety |
We never sell your personal information.
International transfers
We host data in the United States and Singapore. Whenever we move data across borders we rely on standard contractual clauses or another recognised transfer mechanism.
Retention
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
We retain your Personal Data only for the period necessary to fulfill the purposes outlined in this Privacy Policy. This includes retaining and using your data as needed to comply with legal obligations, resolve disputes, and enforce our agreements and policies.
Deletion
You can delete or request our help in deleting the Personal Data we have collected from you. Our Service allows you to delete some of your information directly.
To update, amend, or delete your information, sign into your Account (if applicable) and visit the account settings. Alternatively, you can contact us to request access, correction, or deletion of any personal information you've provided.
However, please note that we may need to keep certain information if we have a legal obligation or a lawful basis to do so.
Transfer
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
Disclosure
1.1. Business Transactions
Should the Company engage in a merger, acquisition, or asset sale, your Personal Data may be transferred. You will be notified before such a transfer occurs and before your Personal Data becomes subject to a different Privacy Policy.
2.2 Law Enforcement and Other Legal Requirements
The Company may be compelled to disclose your Personal Data under specific circumstances:
Legal Obligation: When mandated by law or in response to legitimate requests from public authorities (e.g., a court or government agency).
Protection of Rights and Property: To protect and defend the rights or property of the Company.
Prevention of Misconduct: To prevent or investigate potential wrongdoing in connection with the Service.
Personal Safety: To safeguard the personal safety of Service Users or the general public.
Protection Against Legal Liability: To protect against legal liability.
3.3 Security Measures
While the security of your Personal Data is a priority, it is crucial to acknowledge that no internet transmission method or electronic storage method is entirely secure. Although we endeavor to use commercially reasonable measures to protect your Personal Data, we cannot guarantee its absolute security.
Your rights
Depending on where you live, you can request to: access, correct, erase, port, or restrict processing of your personal data, or object to certain uses. Email rudraj@qurios.ai to exercise these rights. We will respond within 30 days.
Security
We have not yet completed SOC 2, ISO 27001 or GDPR Article 27 representative appointment. Our planned controls include TLS 1.3, AES-256 at rest, MFA-protected admin console, monthly OWASP scans and quarterly external penetration tests. Roadmap items and their target quarters will be shared on Qurios website.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Changes
If we make material changes we will notify you by email or in-app at least 15 days before they take effect.
Contact
If you have any questions about this Privacy Policy, You can contact us:rudraj@qurios.ai